Hello,
You are right 😕 Lambdas within a VPC can take time to be destroyed by CDK. Here are some docs explaining why and some workarounds:
- https://repost.aws/questions/QUtt3ys-VnT3uHw7yzIJx5AQ/is-it-possible-to-speed-up-deletion-of-a-vpc-attached-lambda-within-a-cloudformation-stack
- https://stackoverflow.com/questions/47957820/lambda-in-vpc-deletion-takes-more-time
Hope this helps! 😊
The slow deletion of Lambda functions in CloudFormation, especially when they are connected to a VPC, is a known issue that can occur due to the way AWS manages network interfaces associated with Lambda functions.
When you delete a Lambda function that is connected to a VPC, CloudFormation needs to wait for AWS Lambda to delete the associated network interfaces before it can proceed with deleting other resources. This process can sometimes take a considerable amount of time, leading to the slow deletion you're experiencing.
To address this issue, you can try the following:
- Ensure that your CloudFormation stack has the necessary permissions to monitor and delete network interfaces. Specifically, the ec2:DescribeNetworkInterfaces permission is required for CloudFormation to monitor the state of network interfaces.
- If your stack is in a DELETE_FAILED state due to issues with deleting certain resources (like non-empty S3 buckets), you can use the new DeletionMode parameter with the FORCE_DELETE_STACK value for the DeleteStack API. This allows you to forcefully delete stacks that are in a DELETE_FAILED state.
- For Lambda@Edge functions, make sure to remove all associations with CloudFront distributions before attempting to delete the function. After removing associations, wait a few hours for the Lambda@Edge function replicas to be cleaned up automatically before deleting the function.
- If you're frequently creating and deleting Lambda functions for testing purposes, consider using a separate stack for your Lambda functions or implementing a strategy to manage function versions more efficiently.
- If the issue persists, you may want to reach out to AWS support for further assistance, as there might be underlying issues specific to your account or region.
Remember that while these steps can help mitigate the issue, some delay in deleting Lambda functions connected to VPCs is expected due to the necessary cleanup of network resources.
Sources
AWS::Lambda::Function VpcConfig - AWS CloudFormation
AWS CloudFormation accelerates dev-test cycle with a new parameter for DeleteStack API - AWS
Delete Lambda@Edge functions and replicas - Amazon CloudFront
DeleteFunction - AWS Lambda
Total time: 2507.59s
Thanks Jordan. I thought that might be the problem but is that still really the expected behaviour? I thought this might have meant it was speeded up a bit: https://aws.amazon.com/blogs/compute/announcing-improved-vpc-networking-for-aws-lambda-functions/. At least if CloudFormation mentioned something about attempting to delete this ENI we would know what we are waiting for.
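To see what a stack deletion is waiting on, the Lambda-managed network interfaces that still reference the stack's security groups or subnets can be picked out of ec2:DescribeNetworkInterfaces output. This is an added example, not code from the thread or from AWS; the sample response and all IDs are constructed, and `blocking_lambda_enis` is a hypothetical helper name.

```python
import json

# Constructed sample in the shape of `aws ec2 describe-network-interfaces` output.
SAMPLE_RESPONSE = json.loads("""
{"NetworkInterfaces": [
  {"NetworkInterfaceId": "eni-0example0000000a", "InterfaceType": "lambda",
   "Status": "in-use", "SubnetId": "subnet-0exampleaaa",
   "Description": "constructed: ENI created by Lambda for demo-fn",
   "Groups": [{"GroupId": "sg-0examplefn", "GroupName": "demo-fn-sg"}]},
  {"NetworkInterfaceId": "eni-0example0000000b", "InterfaceType": "lambda",
   "Status": "available", "SubnetId": "subnet-0examplebbb",
   "Description": "constructed: ENI created by Lambda for other-fn",
   "Groups": [{"GroupId": "sg-0exampleother", "GroupName": "other-sg"}]},
  {"NetworkInterfaceId": "eni-0example0000000c", "InterfaceType": "interface",
   "Status": "in-use", "SubnetId": "subnet-0exampleaaa",
   "Description": "constructed: ordinary instance ENI",
   "Groups": [{"GroupId": "sg-0examplefn", "GroupName": "demo-fn-sg"}]}
]}
""")


def blocking_lambda_enis(response, security_group_ids=(), subnet_ids=()):
    """Return Lambda-managed ENIs still tied to the given security groups or subnets."""
    wanted_sgs, wanted_subnets = set(security_group_ids), set(subnet_ids)
    found = []
    for eni in response.get("NetworkInterfaces", []):
        if eni.get("InterfaceType") != "lambda":
            continue  # skip ENIs that Lambda does not manage
        eni_sgs = {g["GroupId"] for g in eni.get("Groups", [])}
        if eni_sgs & wanted_sgs or eni.get("SubnetId") in wanted_subnets:
            found.append({
                "id": eni["NetworkInterfaceId"],
                "status": eni.get("Status"),
                "subnet": eni.get("SubnetId"),
                "security_groups": sorted(eni_sgs),
            })
    return sorted(found, key=lambda e: e["id"])


if __name__ == "__main__":
    for eni in blocking_lambda_enis(SAMPLE_RESPONSE, security_group_ids=["sg-0examplefn"]):
        print(f'{eni["id"]} status={eni["status"]} subnet={eni["subnet"]} '
              f'sgs={",".join(eni["security_groups"])}')
```

Feed it the parsed JSON from a real DescribeNetworkInterfaces call together with the security group and subnet IDs from the stack's resources; an empty result means no Lambda ENI is holding those resources.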